Worm Exploiting Solaris Telnetd Vulnerability
MichaelSmith writes "Several news sites are reporting that a worm is starting to exploit the Solaris Telnet 0-day vulnerability. By adding simple text to the Telnet command, the system will skip asking for a username and password. If the systems are installed out of the box, they automatically come Telnet-enabled. 'The SANS Internet Storm Center, which monitors Internet threats, has noticed some increase in activity on the network port used by Solaris' telnet feature, according to an ISC blog posted on Tuesday. "One hopes that there aren't that many publicly reachable Solaris systems running telnet," ISC staffer Joel Esler wrote.'"
I've run three *nix boxes and any number of M$ boxes. All three *nix boxes were hacked, and yes, I'm sure it was because I "wasn't a good admin" and "didn't do the first thing I should have." Two were Red Hat and one was Solaris. For the Solaris box, I hired a professional *nix herder with years of experience on Solaris, a guy who worked for a major stock broker, and the box STILL got hacked... maybe because of this issue.
At the same time, I was running Personal Web Server on my '98 box at the office without a firewall of any kind. No problems, no hacking, no worries. It just worked. Yes, yes... I'm sure I was just lucky. My servers today are all M$, all behind professional firewalls, and all run like clockwork.
Despite how it sounds, I'm not trying to slam *nix here or send additional $$$ to M$. I'm just trying to point out that until *nix gets work done out of the box with defaults that assume the operator is a bonehead, M$ will still have a place in the world. I'm sure if you all tried, you would be able to do a better job than they do of making a secure out-of-the-box FOSS OS.
Keep trying, guys.